Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Implement Manifest Parser for OpenSSF GUAC #606

Open
2 tasks done
melotic opened this issue Jun 14, 2023 · 0 comments
Open
2 tasks done

Implement Manifest Parser for OpenSSF GUAC #606

melotic opened this issue Jun 14, 2023 · 0 comments
Labels
status:requirements Full requirements are not yet known, so implementation should not be started type:feature Feature (new functionality)

Comments

@melotic
Copy link
Member

melotic commented Jun 14, 2023
edited by JamieMagee
Loading

Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database—normalizing entity identities and mapping standard relationships between them. Querying this graph can drive higher-level organizational outcomes such as audit, policy, risk management, and even developer assistance. 1

Since CD has graph output from our Manifest, integrating CD into GUAC is very attractive for them. They would like us to help contribute a parser in Go that can parse our manifest file.

We should also consider #570 to ensure a stable contract.

Tasks
Preview Give feedback
  2. Update verification tests to verify the contract of bcde-manifest.json #570
    status:requirements type:ci

Footnotes

  1. https://github.com/guacsec/guac

@melotic melotic added the status:requirements Full requirements are not yet known, so implementation should not be started label Jun 14, 2023
@melotic melotic changed the title Implement Manifest Parser for GUAC Implement Manifest Parser for OpenSSF GUAC Jun 14, 2023
@cobya cobya added the type:feature Feature (new functionality) label Jun 26, 2023
@cobya cobya moved this from Ready to Backlog in Component Detection - Library Improvements May 15, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
status:requirements Full requirements are not yet known, so implementation should not be started type:feature Feature (new functionality)
Projects
Component Detection - Library Improvements
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cobya @melotic